- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Mon, 26 Sep 2022 02:05:40 +0000
- To: public-webauthn@w3.org
I agree, but a minimum length would also be a good boundary rather than just recommending something. I've seen production deployments with challenges far shorter than 16 bytes that really should not be accepted. So can we have a min and max bound? -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1803#issuecomment-1257379225 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 26 September 2022 02:05:42 UTC